/**
 * 
 */
package net.toocruel.iqismart.web.security;

import net.toocruel.iqismart.security.core.authorize.AuthorizeConfigProvider;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.stereotype.Component;

/**
 * @author toocruel
 */
@Component
@Order(Integer.MAX_VALUE)
public class RbacAuthorizeConfigProvider implements AuthorizeConfigProvider {

	/* (non-Javadoc)
	 * @see net.toocruel.iqismart.security.core.authorize.AuthorizeConfigProvider#config(org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry)
	 */
	@Override
	public boolean config(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry config) {
		config
			.antMatchers(HttpMethod.GET,"/questions","/questions/*",
					"/topics","/topics/*",
					"/articles","/articles/*",
					"/shop",
					"/image/avatar/**","/upload/**","/common/**","/image/upload",
					"/css/**","/fonts/**","/js/**","/static/**","/").permitAll()
				.antMatchers(HttpMethod.GET,
					"/**/*.html",
					"/ajax/unreadNotifications",
					"/ajax/unreadMessages",
					"/admin/me",
					"/resource").authenticated()
			.antMatchers("/admin/","/admin","/admin/**").hasRole("ADMIN")
			.regexMatchers(HttpMethod.GET,"/question/[0-9]+(\\?\\S+)*").permitAll()
			.regexMatchers(HttpMethod.GET,"/question/[0-9]+/comments").permitAll()
			.regexMatchers(HttpMethod.POST,"/question/[0-9]+/inviteUser").permitAll()
			.regexMatchers(HttpMethod.POST,"/question/[0-9]+/inviteEmail").permitAll()
			.regexMatchers(HttpMethod.GET,"/question/[0-9]+/invitations/\\S+").permitAll()

			.regexMatchers(HttpMethod.GET,"/topic/[0-9]+(\\?\\S+)*").permitAll()
			.regexMatchers(HttpMethod.GET,"/goods/[0-9]+(\\?\\S+)*").permitAll()
			.regexMatchers(HttpMethod.GET,"/article/[0-9]+(\\?\\S+)*").permitAll()
//			.regexMatchers(HttpMethod.GET,"/article/[0-9]+").permitAll()
			.regexMatchers(HttpMethod.GET,"/article/[0-9]+/comments").permitAll()
			.antMatchers("/ajax/loadInviteUsers").permitAll()
//			.regexMatchers("/question/create").hasAnyRole("USER","ADMIN")
//			.regexMatchers("/comment/store").hasAnyRole("USER","ADMIN")
			.anyRequest()
				.access("@rbacService.hasPermission(request, authentication)");
		return true;
	}

}
